cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Exit
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
1
Upvote

Analyzing a PDF File

carl_6924
Community Beginner ,
Dec 26, 2024 Dec 26, 2024

Hello,

 

I recently have been analyzing a PDF file using different tools such as peepdf, pdf-parser, Process Monitor, Procdot, and VirusTotal.  During my analyzation of the behavior of the file on VirusTotal, I noticed that there are a few files written that look concerning.  Can anyone help me identify them and inform me of whether or not they are potentially malicious?

A brief description of the nature of the file is it is supposed to be a document that contains nothing but text.

Peepdf informed me that there are over one hundred compressed objects.

 

The following files are only a few concerning looking files dropped  by the PDF file.

  • C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index~RF57dc10.TMP (copy)
  • C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
  • C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
 
The following is a few of the many concerning files opened by the PDF file:
  • C:\Users\<USER>\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.dbC:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b
  • C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\Comctl32.dl
  • C:\Program Files\Common Files\Microsoft Shared\OFFICE16\msoshext.dll
  •  
    C:\Program Files\Common Files\System\wab32.dll
  •  
    C:\Program Files\Google\Chrome\Application
  •  
    C:\Program Files\Google\Chrome\Application\97.0.4692.99
  •  
    C:\Program Files\Google\Chrome\Application\97.0.4692.99\
  •  
    C:\Program Files\Google\Chrome\Application\97.0.4692.99\C:\Program Files\Windows Defender\ShellExt.dll
  •  
    C:\Program Files\Google\Chrome\Application\97.0.4692.99\MEIPreload\manifest.json
  •  
    C:\Program Files\Google\Chrome\Application\97.0.4692.99\MEIPreload\preloaded_data.pb
  •  
    C:\Program Files\Google\Chrome\Application\97.0.4692.99\WidevineCdm\manifest.json
  •  
    C:\Program Files\Google\Chrome\Application\97.0.4692.99\chrome.dll
  •  
    C:\Program Files\Google\Chrome\Application\97.0.4692.99\chrome_100_percent.pak
  •  
    C:\Program Files\Google\Chrome\Application\97.0.4692.99\chrome_200_percent.pak
  •  
    C:\Program Files\Google\Chrome\Application\97.0.4692.99\chrome_elf.dll
  •  
    C:\Program Files\Google\Chrome\Application\97.0.4692.99\default_apps\
  •  
    C:\Program Files\Google\Chrome\Application\97.0.4692.99\default_apps\external_extensions.json

 

Can anyone help explain what is going on?

TOPICS
Create PDFs , Edit and convert PDFs , General troubleshooting , JavaScript , PDF , PDF forms , Security digital signatures and esignatures
349
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 3 Replies 3
latest latest Jump to latest reply
Karl Heinz Kremer Community Expert
Community Expert ,
Dec 27, 2024 Dec 27, 2024

It looks like you are opening the PDF file in Chrome. You would have to talk to the Chrome developers about how they are handling PDF files. 

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
carl_6924
Community Beginner ,
Dec 27, 2024 Dec 27, 2024
In Response To Karl Heinz Kremer

Thank you for clarifying the Chrome aspect for me.  I'm a little concerned about this line though:

 

C:\Program Files\Google\Chrome\Application\97.0.4692.99\C:\Program Files\Windows Defender\ShellExt.dl

 

Is there a reason why its opening my Windows Defender?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Karl Heinz Kremer Community Expert
Community Expert ,
Dec 28, 2024 Dec 28, 2024
LATEST
In Response To carl_6924

This again is a clear Chrome reference.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
About Adobe Acrobat
Adobe Acrobat Learn & Support
Open in a new window
Adobe Inc
Whats new in Acrobat DC
Open in a new window
Adobe Inc
Plan and Pricing
Open in a new window
Adobe Inc
Adobe Acrobat features and tools
Open in a new window
Adobe Inc
Adobe Acrobat Feature & Workflow
Edit PDFs
Open in a new window
Edit Scanned PDFs
Open in a new window
PDF Forms
Open in a new window
Sign a PDF
Open in a new window
FAQs
How to Edit Scanned or Secured document
Open in a new window
Rotate | move | delete and renumber PDF pages
Open in a new window
Acrobat download and installation help
Open in a new window
Copyright © 2025 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices